Create a remote desktop protocol (RDP) application and configure it with settings that define how users interact with the remote application environment.

Prerequisites:

• On the remote desktop server, publish or distribute the remote application for users to access the application remotely. For example, on a Windows server, you must publish an application as a RemoteApp program to ensure that it's accessible.

• If you want the remote desktop to start a program that is not listed as a published remote application, on a Windows server, you can modify the remote desktop connection settings of the Group Policy to allow remote users to start any application that is not published or listed as a published remote application.

• If you plan to enable remote printing, you must configure printer redirection to allow users to access their local printer in the remote desktop session. On a Windows server, you can configure this setting in the Group Policy or in the client settings of the remote desktop session host configuration.

• If you plan to enable remote file sharing, you must configure a drive redirection to allow users to access their local computer in the remote desktop environment. On a Windows server, you can configure this setting in the Group Policy or in the client settings of the remote desktop session host configuration.

• If you plan to enable copy and paste functionality to and from the remote desktop, you must configure clipboard redirection. On a Windows server, you can configure this setting in the Group Policy or in the client settings of the remote desktop session host configuration.

📘

For instructions on any of these remote desktop operations, see the documentation for your remote desktop server.

In Enterprise Application Access (EAA), you can create a remote desktop application and configure the RDP application with settings that define how users interact with the remote application environment.

After you deploy a remote desktop application, users can access the deployed application with the specified external hostname.

Configure an RDP application

This procedure describes some of the basic settings required to set up an RDP application.

1. Log in to Enterprise Center.

2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

3. Click Add Application (+).

4. Select the Application Type, RDP.

5. Provide a name and an optional description.

6. Click Add Application.
   The application details page opens.

7. In Settings tab configure the App Settings, Server Settings, and Connectors as described below.

8. In the App Settings section, configure the following:

   1. You can configure an optional application category.
   2. Akamai Cloud Zone. Select a cloud zone located closest to the datacenter where your application resides.
   3. Select an External Host domain type, then enter the hostname for the application. Select one of the following:

• If you select Use Akamai domain, enter a URL, for example: https://remotespark.go.akamai-access.com, you don't need to configure certificates.

• If you select Use your domain you need to specify certificate a for the domain and set up a CNAME redirect. See Add, edit, and delete certificates, Associate a certificate for using your own domain for your application and Set up a CNAME redirect for an application.

9. In Server Settings for Application Server IP/FQDN configure the following:
   a. In Protocol select rdp (default) for RDP traffic.
   b. In Host: Port enter a valid internal IP address for the server or the fully qualified domain name (FQDN) that you use to access this web server when inside your company's network. Also enter an IP port number.
   If necessary, you can click Add More to add another application server.
   You see a DRAFT VERSION next to the application until you deploy it.

If you are doing origin server certificate validation, provide an FQDN for the Application server. It cannot be done with an IP address of the app server.

Next, you can validate the authenticity of the origin server within the data center with the EAA connector:

c. Verify Origin Server Certificate (off-by-default). Allows you to do the origin server certificate validation (recommended). Also select a root CA certificate.

📘

If you disable Verify Origin Server Certificate, you get a warning message.

d. ROOT CA Certificate. Select the root CA certificate with the full bundle you uploaded into Enterprise Application Access. See Upload a ROOT CA certificate for origin server validation.

📘

If you enableVerify Origin Server Certificate and do not upload a ROOT CA Certificate, you get a warning message.

10. In the Connectors section you can add connectors to your application: Click Add Connector. Select one or more connectors and click Add Connector. The associated connector appears in Connectors.
    To remove a connector, click Remove Connector next to it.

📘

Note:

The Connector should be running successfully to deploy the application.

It is recommended to have more than one connector for high-availability and load balancing.

11. To add authentication to the application select Authentication and enable Authentication.
    1. In Identity provider, select an identity provider from the list.
    2. Click Assign Directory and select one or more directories from the list.
    3. Click Associate.
       The directory appears in Assigned Directories.
12. To configure optional Services see Set up services for an application.
13. To configure optional Access Control rules, see Add access control rules.
14. Click Advanced tab to configure any of the optional advanced settings.
15. In the Remote Desktop Configuration section, you can configure these settings:

a. Initial program. If you want the remote desktop to open an application each time the user logs in, enter the full path to the application executable file. Ensure the path contains escaped backslashes. For example, the path to an application, may look like: C:\\Program Files\\application.exe, where application is the name of the application.

b. Remote App Name. If you want users to only access a specific application in the remote desktop enter the name of the application.

c. Remote App Arguments. If you specified a Remote App Name and a command is required to open the application, enter the command.

d. Remote App Directory. If you specified a Remote App Name and the application must be executed from a specific directory, enter the directory.

e. Support RDP TLS v1. Enable this option if you need to support RDP TLS version 1.

f. Enable remote copy/paste Enable this option, if you want to allow users to copy content from the remote desktop and paste to your local computer or copy content from your computer and paste to the remote desktop.

f. Enable non-Windows RDP Enable this option, if you need to support the application on a non-Windows remote desktop.

g. To enable audio or allow a user to play audio in the remote environment, select Enable audio.

h. To allow users to print from the remote desktop, select Enable printing. By default, the printer name LOCALPRINTER appears in Remote Printer Name. If necessary, modify this the field with the preferred printer name.

i. To allow users to share files or upload files from their computer to the remote desktop, select Enable File Sharing. By default, this setting is enabled to use the LOCALSHARE drive in your remote desktop. This setting appears in Shared Disk Name. If necessary, modify the field with the preferred name of the drive.

16. In Application-facing Authentication Mechanism select one of the following:

• None. Select if you do not want to select an application-facing authentication mechanism. The user is prompted for credentials by the RDP server.

• Auto. Select if you want users to experience a single sign-on based on their Active Directory record.

• Service Account. Select if you want users to log in with credentials that will be shared with many users. In the provided fields, enter the service account username and the service account password. The username must be provided in the following format: domain\userID

17. In History leave default settings and click Save.
    Hover over the Deployment symbol, if all configurations are correct, Ready for Deployment appears.
18. Click Save, to save the application.
19. Click Save and Deploy, to deploy the application. Also see Deploy the application.

Next, If you use a Microsoft Windows server, Connect a Microsoft Windows server to an RDP application.

Connect a Microsoft Windows server to an RDP application

The Enterprise Application Access (EAA) connector does not carry out Network Level Authentication since it is not a part of your organization domain. If you create remote desktop protocol (RDP) application in Enterprise Application Access, you must enable the target Microsoft Windows server to allow remote connections.

1. In your Windows server go to System Properties > Remote.

2. Select Allow remote connections to this computer.

3. Deselect Allow connections only from computers running Remote Desktop with Network Level Authentication.

4. Click Apply and OK.

Access the remote desktop application

As an administrator, you can access the remote desktop application from Enterprise Application Access and view it as an user. The user may be able to perform certain actions in the remote desktop (such as copy and paste content). Those actions depend on the settings that are configured for the remote application in Enterprise Application Access.

Use a pulsing remote desktop icon to set display settings.

1. Click the Applications tab in the top menu bar.
   The Application page appears.

2. Locate the application you wish to access.

3. Click the domain link.
   The RDP portal opens in a new tab.

4. Enter your RDP login credentials. If you configured an application to start when the user logs in or you a configured that only a single application be available for users to access, the remote application is the only one the user can access, the remote application appears. The pulsing remote desktop icon also appears. When you click this icon, you can modify the RDP client display settings.

Next, configure RDP client display settings.

Configure the initial setup for an RDP application

Use an RDP-based application to prevent exposing a complete Windows desktop to users, and to give them access to a single application instead.

For more information see Microsoft article on configuring RemoteApp on Windows server.

1. Add a program to the RemoteApp Programs list on the Windows server.

   1. On the RD Session Host server, click Start to open RemoteApp Manager

   2. In Administrative Tools > Remote Desktop Services select RemoteApp Manager.

   3. In Actions click Add RemoteApp Programs.

   4. In Welcome to the RemoteApp Wizard click Next.

   5. In Choose programs to add to the RemoteApp Programs list select each program that you want to add to the list of RemoteApp programs. You can select multiple programs.

   6. To configure the properties for a RemoteApp program, right-click the program name. Click Properties and configure the following:

   • The program name that appears to users. To change the name, enter a new name in the RemoteApp program name box.

   • The path of the program executable file. To change the path, enter the new path in the Location box, or click Browse to locate the .exe file.

   📘

   You can use system environment variables in the path name. For example, you can substitute %windir% for the explicit path of the Windows folder (such as C:\Windows). You cannot use per user environment variables.

2. Click OK and Next.

3. In Review Settings review the settings and click Finish.
   The selected programs appear in the RemoteApp Programs.

4. Return to Enterprise Center to configure the application you created in previous steps.

5. Select the RDP application to open it.

6. In Advanced > Remote App Name enter the application name. If you specify a Remote App Name, you can configure the following:

   1. In Remote App Arguments enter CLI-level arguments to be executed, that this application requires to launch (if there's any). For example, c 100 -t 50.

   2. In Remote App Directory enter the working directory for this application, if the application needs a specific working directory to execute from.

7. Click Save and exit.

8. Deploy the application.

Maximum resolution for an RDP session in EAA

When using Enterprise Application Access (EAA) in a RDP session, there is a maximum screen resolution provided by two different RDP engines:

• The older engine inherits the properties of the browser window. For example, if your browser window is 800 x 600 when the session starts, it retains that property. To change the resolution, restart the session with the browser window opened larger (or smaller) to alter the size. The older engine does not have the ability to support dual monitors.

• The newer engine has an interface that lets each client alter the resolution and other properties. The maximum resolution is limited by the RDP server version on your Windows server. This Microsoft Technet article describes the resolutions supported by their servers.
  The new engine is more efficient with system resources such as RAM.